org.apache.http.conn.ssl

Class SSLSocketFactory

java.lang.Object

org.apache.http.conn.ssl.SSLSocketFactory

All Implemented Interfaces:

LayeredSchemeSocketFactory, LayeredSocketFactory, SchemeLayeredSocketFactory, SchemeSocketFactory, SocketFactory, ConnectionSocketFactory, LayeredConnectionSocketFactory

Deprecated.

(4.3) use SSLConnectionSocketFactory.

@ThreadSafe
@Deprecated
public class SSLSocketFactory
extends java.lang.Object
implements LayeredConnectionSocketFactory, SchemeLayeredSocketFactory, LayeredSchemeSocketFactory, LayeredSocketFactory

Layered socket factory for TLS/SSL connections.

SSLSocketFactory can be used to validate the identity of the HTTPS server against a list of trusted certificates and to authenticate to the HTTPS server using a private key.

SSLSocketFactory will enable server authentication when supplied with a trust-store file containing one or several trusted certificates. The client secure socket will reject the connection during the SSL session handshake if the target HTTPS server attempts to authenticate itself with a non-trusted certificate.

Use JDK keytool utility to import a trusted certificate and generate a trust-store file:

keytool -import -alias "my server cert" -file server.crt -keystore my.truststore
 

In special cases the standard trust verification process can be bypassed by using a custom TrustStrategy. This interface is primarily intended for allowing self-signed certificates to be accepted as trusted without having to add them to the trust-store file.

SSLSocketFactory will enable client authentication when supplied with a key-store file containing a private key/public certificate pair. The client secure socket will use the private key to authenticate itself to the target HTTPS server during the SSL session handshake if requested to do so by the server. The target HTTPS server will in its turn verify the certificate presented by the client in order to establish client's authenticity.

Use the following sequence of actions to generate a key-store file

• Use JDK keytool utility to generate a new key

  keytool -genkey -v -alias "my client key" -validity 365 -keystore my.keystore

  For simplicity use the same password for the key as that of the key-store

• Issue a certificate signing request (CSR)

  keytool -certreq -alias "my client key" -file mycertreq.csr -keystore my.keystore

• Send the certificate request to the trusted Certificate Authority for signature. One may choose to act as her own CA and sign the certificate request using a PKI tool, such as OpenSSL.

• Import the trusted CA root certificate

  keytool -import -alias "my trusted ca" -file caroot.crt -keystore my.keystore

• Import the PKCS#7 file containg the complete certificate chain

  keytool -import -alias "my client key" -file mycert.p7 -keystore my.keystore

• Verify the content the resultant keystore file

  keytool -list -v -keystore my.keystore

Since:

4.0

Field Summary

Fields

Modifier and Type	Field and Description
static X509HostnameVerifier	ALLOW_ALL_HOSTNAME_VERIFIER Deprecated.
static X509HostnameVerifier	BROWSER_COMPATIBLE_HOSTNAME_VERIFIER Deprecated.
static java.lang.String	SSL Deprecated.
static java.lang.String	SSLV2 Deprecated.
static X509HostnameVerifier	STRICT_HOSTNAME_VERIFIER Deprecated.
static java.lang.String	TLS Deprecated.

Constructor Summary

Constructors

Constructor and Description
SSLSocketFactory(java.security.KeyStore truststore) Deprecated.
SSLSocketFactory(java.security.KeyStore keystore, java.lang.String keystorePassword) Deprecated.
SSLSocketFactory(java.security.KeyStore keystore, java.lang.String keystorePassword, java.security.KeyStore truststore) Deprecated.
SSLSocketFactory(javax.net.ssl.SSLContext sslContext) Deprecated.
SSLSocketFactory(javax.net.ssl.SSLContext sslContext, HostNameResolver nameResolver) Deprecated.
SSLSocketFactory(javax.net.ssl.SSLContext sslContext, java.lang.String[] supportedProtocols, java.lang.String[] supportedCipherSuites, X509HostnameVerifier hostnameVerifier) Deprecated.
SSLSocketFactory(javax.net.ssl.SSLContext sslContext, X509HostnameVerifier hostnameVerifier) Deprecated.
SSLSocketFactory(javax.net.ssl.SSLSocketFactory socketfactory, java.lang.String[] supportedProtocols, java.lang.String[] supportedCipherSuites, X509HostnameVerifier hostnameVerifier) Deprecated.
SSLSocketFactory(javax.net.ssl.SSLSocketFactory socketfactory, X509HostnameVerifier hostnameVerifier) Deprecated.
SSLSocketFactory(java.lang.String algorithm, java.security.KeyStore keystore, java.lang.String keyPassword, java.security.KeyStore truststore, java.security.SecureRandom random, HostNameResolver nameResolver) Deprecated.
SSLSocketFactory(java.lang.String algorithm, java.security.KeyStore keystore, java.lang.String keyPassword, java.security.KeyStore truststore, java.security.SecureRandom random, TrustStrategy trustStrategy, X509HostnameVerifier hostnameVerifier) Deprecated.
SSLSocketFactory(java.lang.String algorithm, java.security.KeyStore keystore, java.lang.String keyPassword, java.security.KeyStore truststore, java.security.SecureRandom random, X509HostnameVerifier hostnameVerifier) Deprecated.
SSLSocketFactory(TrustStrategy trustStrategy) Deprecated.
SSLSocketFactory(TrustStrategy trustStrategy, X509HostnameVerifier hostnameVerifier) Deprecated.

Method Summary

Methods

Modifier and Type	Method and Description
java.net.Socket	connectSocket(int connectTimeout, java.net.Socket socket, HttpHost host, java.net.InetSocketAddress remoteAddress, java.net.InetSocketAddress localAddress, HttpContext context) Deprecated. Connects the socket to the target host with the given resolved remote address.
java.net.Socket	connectSocket(java.net.Socket socket, java.net.InetSocketAddress remoteAddress, java.net.InetSocketAddress localAddress, HttpParams params) Deprecated. Connects a socket to the target host with the given remote address.
java.net.Socket	connectSocket(java.net.Socket socket, java.lang.String host, int port, java.net.InetAddress local, int localPort, HttpParams params) Deprecated. Connects a socket to the given host.
java.net.Socket	createLayeredSocket(java.net.Socket socket, java.lang.String host, int port, boolean autoClose) Deprecated. Returns a socket connected to the given host that is layered over an existing socket.
java.net.Socket	createLayeredSocket(java.net.Socket socket, java.lang.String target, int port, HttpContext context) Deprecated. Returns a socket connected to the given host that is layered over an existing socket.
java.net.Socket	createLayeredSocket(java.net.Socket socket, java.lang.String host, int port, HttpParams params) Deprecated. Returns a socket connected to the given host that is layered over an existing socket.
java.net.Socket	createSocket() Deprecated. Creates a new, unconnected socket.
java.net.Socket	createSocket(HttpContext context) Deprecated. Creates new, unconnected socket.
java.net.Socket	createSocket(HttpParams params) Deprecated. Creates a new, unconnected socket.
java.net.Socket	createSocket(java.net.Socket socket, java.lang.String host, int port, boolean autoClose) Deprecated. Returns a socket connected to the given host that is layered over an existing socket.
X509HostnameVerifier	getHostnameVerifier() Deprecated.
static SSLSocketFactory	getSocketFactory() Deprecated. Obtains default SSL socket factory with an SSL context based on the standard JSSE trust material (cacerts file in the security properties directory).
static SSLSocketFactory	getSystemSocketFactory() Deprecated. Obtains default SSL socket factory with an SSL context based on system properties as described in "JavaTM Secure Socket Extension (JSSE) Reference Guide for the JavaTM 2 Platform Standard Edition 5
boolean	isSecure(java.net.Socket sock) Deprecated. Checks whether a socket connection is secure.
protected void	prepareSocket(javax.net.ssl.SSLSocket socket) Deprecated. Performs any custom initialization for a newly created SSLSocket (before the SSL handshake happens).
void	setHostnameVerifier(X509HostnameVerifier hostnameVerifier) Deprecated.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

TLS

public static final java.lang.String TLS

Deprecated.

See Also:

Constant Field Values

SSL

public static final java.lang.String SSL

Deprecated.

See Also:

Constant Field Values

SSLV2

public static final java.lang.String SSLV2

Deprecated.

See Also:

Constant Field Values

ALLOW_ALL_HOSTNAME_VERIFIER

public static final X509HostnameVerifier ALLOW_ALL_HOSTNAME_VERIFIER

Deprecated.

BROWSER_COMPATIBLE_HOSTNAME_VERIFIER

public static final X509HostnameVerifier BROWSER_COMPATIBLE_HOSTNAME_VERIFIER

Deprecated.

STRICT_HOSTNAME_VERIFIER

public static final X509HostnameVerifier STRICT_HOSTNAME_VERIFIER

Deprecated.

Constructor Detail

SSLSocketFactory

public SSLSocketFactory(java.lang.String algorithm,
                java.security.KeyStore keystore,
                java.lang.String keyPassword,
                java.security.KeyStore truststore,
                java.security.SecureRandom random,
                HostNameResolver nameResolver)
                 throws java.security.NoSuchAlgorithmException,
                        java.security.KeyManagementException,
                        java.security.KeyStoreException,
                        java.security.UnrecoverableKeyException

Deprecated.

Throws:

java.security.NoSuchAlgorithmException

java.security.KeyManagementException

java.security.KeyStoreException

java.security.UnrecoverableKeyException

SSLSocketFactory

public SSLSocketFactory(java.lang.String algorithm,
                java.security.KeyStore keystore,
                java.lang.String keyPassword,
                java.security.KeyStore truststore,
                java.security.SecureRandom random,
                TrustStrategy trustStrategy,
                X509HostnameVerifier hostnameVerifier)
                 throws java.security.NoSuchAlgorithmException,
                        java.security.KeyManagementException,
                        java.security.KeyStoreException,
                        java.security.UnrecoverableKeyException

Deprecated.

Throws:

java.security.NoSuchAlgorithmException

java.security.KeyManagementException

java.security.KeyStoreException

java.security.UnrecoverableKeyException

Since:

4.1

SSLSocketFactory

public SSLSocketFactory(java.lang.String algorithm,
                java.security.KeyStore keystore,
                java.lang.String keyPassword,
                java.security.KeyStore truststore,
                java.security.SecureRandom random,
                X509HostnameVerifier hostnameVerifier)
                 throws java.security.NoSuchAlgorithmException,
                        java.security.KeyManagementException,
                        java.security.KeyStoreException,
                        java.security.UnrecoverableKeyException

Deprecated.

Throws:

java.security.NoSuchAlgorithmException

java.security.KeyManagementException

java.security.KeyStoreException

java.security.UnrecoverableKeyException

Since:

4.1

SSLSocketFactory

public SSLSocketFactory(java.security.KeyStore keystore,
                java.lang.String keystorePassword,
                java.security.KeyStore truststore)
                 throws java.security.NoSuchAlgorithmException,
                        java.security.KeyManagementException,
                        java.security.KeyStoreException,
                        java.security.UnrecoverableKeyException

Deprecated.

Throws:

java.security.NoSuchAlgorithmException

java.security.KeyManagementException

java.security.KeyStoreException

java.security.UnrecoverableKeyException

SSLSocketFactory

public SSLSocketFactory(java.security.KeyStore keystore,
                java.lang.String keystorePassword)
                 throws java.security.NoSuchAlgorithmException,
                        java.security.KeyManagementException,
                        java.security.KeyStoreException,
                        java.security.UnrecoverableKeyException

Deprecated.

Throws:

java.security.NoSuchAlgorithmException

java.security.KeyManagementException

java.security.KeyStoreException

java.security.UnrecoverableKeyException

SSLSocketFactory

public SSLSocketFactory(java.security.KeyStore truststore)
                 throws java.security.NoSuchAlgorithmException,
                        java.security.KeyManagementException,
                        java.security.KeyStoreException,
                        java.security.UnrecoverableKeyException

Deprecated.

Throws:

java.security.NoSuchAlgorithmException

java.security.KeyManagementException

java.security.KeyStoreException

java.security.UnrecoverableKeyException

SSLSocketFactory

public SSLSocketFactory(TrustStrategy trustStrategy,
                X509HostnameVerifier hostnameVerifier)
                 throws java.security.NoSuchAlgorithmException,
                        java.security.KeyManagementException,
                        java.security.KeyStoreException,
                        java.security.UnrecoverableKeyException

Deprecated.

Throws:

java.security.NoSuchAlgorithmException

java.security.KeyManagementException

java.security.KeyStoreException

java.security.UnrecoverableKeyException

Since:

4.1

SSLSocketFactory

public SSLSocketFactory(TrustStrategy trustStrategy)
                 throws java.security.NoSuchAlgorithmException,
                        java.security.KeyManagementException,
                        java.security.KeyStoreException,
                        java.security.UnrecoverableKeyException

Deprecated.

Throws:

java.security.NoSuchAlgorithmException

java.security.KeyManagementException

java.security.KeyStoreException

java.security.UnrecoverableKeyException

Since:

4.1

SSLSocketFactory

public SSLSocketFactory(javax.net.ssl.SSLContext sslContext)

Deprecated.

SSLSocketFactory

public SSLSocketFactory(javax.net.ssl.SSLContext sslContext,
                HostNameResolver nameResolver)

Deprecated.

SSLSocketFactory

public SSLSocketFactory(javax.net.ssl.SSLContext sslContext,
                X509HostnameVerifier hostnameVerifier)

Deprecated.

Since:

4.1

SSLSocketFactory

public SSLSocketFactory(javax.net.ssl.SSLContext sslContext,
                java.lang.String[] supportedProtocols,
                java.lang.String[] supportedCipherSuites,
                X509HostnameVerifier hostnameVerifier)

Deprecated.

Since:

4.3

SSLSocketFactory

public SSLSocketFactory(javax.net.ssl.SSLSocketFactory socketfactory,
                X509HostnameVerifier hostnameVerifier)

Deprecated.

Since:

4.2

SSLSocketFactory

public SSLSocketFactory(javax.net.ssl.SSLSocketFactory socketfactory,
                java.lang.String[] supportedProtocols,
                java.lang.String[] supportedCipherSuites,
                X509HostnameVerifier hostnameVerifier)

Deprecated.

Since:

4.3

Method Detail

getSocketFactory

public static SSLSocketFactory getSocketFactory()
                                         throws SSLInitializationException

Deprecated.

Obtains default SSL socket factory with an SSL context based on the standard JSSE trust material (cacerts file in the security properties directory). System properties are not taken into consideration.

Returns:

default SSL socket factory

Throws:

SSLInitializationException

getSystemSocketFactory

public static SSLSocketFactory getSystemSocketFactory()
                                               throws SSLInitializationException

Deprecated.

Obtains default SSL socket factory with an SSL context based on system properties as described in "JavaTM Secure Socket Extension (JSSE) Reference Guide for the JavaTM 2 Platform Standard Edition 5

Returns:

default system SSL socket factory

Throws:

SSLInitializationException

createSocket

public java.net.Socket createSocket(HttpParams params)
                             throws java.io.IOException

Deprecated.

Description copied from interface: SchemeSocketFactory

Creates a new, unconnected socket. The socket should subsequently be passed to SchemeSocketFactory.connectSocket(Socket, InetSocketAddress, InetSocketAddress, HttpParams).

Specified by:

createSocket in interface SchemeSocketFactory

Parameters:

params - Optional parameters. Parameters passed to this method will have no effect. This method will create a unconnected instance of Socket class.

Returns:

a new socket

Throws:

java.io.IOException - if an I/O error occurs while creating the socket

Since:

4.1

createSocket

public java.net.Socket createSocket()
                             throws java.io.IOException

Deprecated.

Description copied from interface: SocketFactory

Creates a new, unconnected socket. The socket should subsequently be passed to connectSocket.

Specified by:

createSocket in interface SocketFactory

Returns:

a new socket

Throws:

java.io.IOException - if an I/O error occurs while creating the socket

connectSocket

public java.net.Socket connectSocket(java.net.Socket socket,
                            java.net.InetSocketAddress remoteAddress,
                            java.net.InetSocketAddress localAddress,
                            HttpParams params)
                              throws java.io.IOException,
                                     java.net.UnknownHostException,
                                     ConnectTimeoutException

Deprecated.

Description copied from interface: SchemeSocketFactory

Connects a socket to the target host with the given remote address.

Please note that HttpInetSocketAddress class should be used in order to pass the target remote address along with the original HttpHost value used to resolve the address. The use of HttpInetSocketAddress can also ensure that no reverse DNS lookup will be performed if the target remote address was specified as an IP address.

Specified by:

connectSocket in interface SchemeSocketFactory

Parameters:

socket - the socket to connect, as obtained from createSocket. null indicates that a new socket should be created and connected.

remoteAddress - the remote address to connect to.

localAddress - the local address to bind the socket to, or null for any

params - additional parameters for connecting

Returns:

the connected socket. The returned object may be different from the sock argument if this factory supports a layered protocol.

Throws:

java.io.IOException - if an I/O error occurs

java.net.UnknownHostException - if the IP address of the target host can not be determined

ConnectTimeoutException - if the socket cannot be connected within the time limit defined in the params

Since:

4.1

See Also:

HttpInetSocketAddress

isSecure

public boolean isSecure(java.net.Socket sock)
                 throws java.lang.IllegalArgumentException

Deprecated.

Checks whether a socket connection is secure. This factory creates TLS/SSL socket connections which, by default, are considered secure.

Derived classes may override this method to perform runtime checks, for example based on the cypher suite.

Specified by:

isSecure in interface SchemeSocketFactory

Specified by:

isSecure in interface SocketFactory

Parameters:

sock - the connected socket

Returns:

true

Throws:

java.lang.IllegalArgumentException - if the argument is invalid

createLayeredSocket

public java.net.Socket createLayeredSocket(java.net.Socket socket,
                                  java.lang.String host,
                                  int port,
                                  HttpParams params)
                                    throws java.io.IOException,
                                           java.net.UnknownHostException

Deprecated.

Description copied from interface: SchemeLayeredSocketFactory

Returns a socket connected to the given host that is layered over an existing socket. Used primarily for creating secure sockets through proxies.

Specified by:

createLayeredSocket in interface SchemeLayeredSocketFactory

Parameters:

socket - the existing socket

host - the name of the target host.

port - the port to connect to on the target host

params - HTTP parameters

Returns:

Socket a new socket

Throws:

java.io.IOException - if an I/O error occurs while creating the socket

java.net.UnknownHostException - if the IP address of the host cannot be determined

Since:

4.2

createLayeredSocket

public java.net.Socket createLayeredSocket(java.net.Socket socket,
                                  java.lang.String host,
                                  int port,
                                  boolean autoClose)
                                    throws java.io.IOException,
                                           java.net.UnknownHostException

Deprecated.

Description copied from interface: LayeredSchemeSocketFactory

Returns a socket connected to the given host that is layered over an existing socket. Used primarily for creating secure sockets through proxies.

Specified by:

createLayeredSocket in interface LayeredSchemeSocketFactory

Parameters:

socket - the existing socket

host - the name of the target host.

port - the port to connect to on the target host

autoClose - a flag for closing the underling socket when the created socket is closed

Returns:

Socket a new socket

Throws:

java.io.IOException - if an I/O error occurs while creating the socket

java.net.UnknownHostException - if the IP address of the host cannot be determined

setHostnameVerifier

public void setHostnameVerifier(X509HostnameVerifier hostnameVerifier)

Deprecated.

getHostnameVerifier

public X509HostnameVerifier getHostnameVerifier()

Deprecated.

connectSocket

public java.net.Socket connectSocket(java.net.Socket socket,
                            java.lang.String host,
                            int port,
                            java.net.InetAddress local,
                            int localPort,
                            HttpParams params)
                              throws java.io.IOException,
                                     java.net.UnknownHostException,
                                     ConnectTimeoutException

Deprecated.

Description copied from interface: SocketFactory

Connects a socket to the given host.

Specified by:

connectSocket in interface SocketFactory

Parameters:

socket - the socket to connect, as obtained from createSocket. null indicates that a new socket should be created and connected.

host - the host to connect to

port - the port to connect to on the host

local - the local address to bind the socket to, or null for any

localPort - the port on the local machine, 0 or a negative number for any

params - additional parameters for connecting

Returns:

the connected socket. The returned object may be different from the sock argument if this factory supports a layered protocol.

Throws:

java.io.IOException - if an I/O error occurs

java.net.UnknownHostException - if the IP address of the target host can not be determined

ConnectTimeoutException - if the socket cannot be connected within the time limit defined in the params

createSocket

public java.net.Socket createSocket(java.net.Socket socket,
                           java.lang.String host,
                           int port,
                           boolean autoClose)
                             throws java.io.IOException,
                                    java.net.UnknownHostException

Deprecated.

Description copied from interface: LayeredSocketFactory

Returns a socket connected to the given host that is layered over an existing socket. Used primarily for creating secure sockets through proxies.

Specified by:

createSocket in interface LayeredSocketFactory

Parameters:

socket - the existing socket

host - the host name/IP

port - the port on the host

autoClose - a flag for closing the underling socket when the created socket is closed

Returns:

Socket a new socket

Throws:

java.io.IOException - if an I/O error occurs while creating the socket

java.net.UnknownHostException - if the IP address of the host cannot be determined

prepareSocket

protected void prepareSocket(javax.net.ssl.SSLSocket socket)
                      throws java.io.IOException

Deprecated.

Performs any custom initialization for a newly created SSLSocket (before the SSL handshake happens). The default implementation is a no-op, but could be overridden to, e.g., call SSLSocket.setEnabledCipherSuites(java.lang.String[]).

Throws:

java.io.IOException - (only if overridden)

Since:

4.2

createSocket

public java.net.Socket createSocket(HttpContext context)
                             throws java.io.IOException

Deprecated.

Description copied from interface: ConnectionSocketFactory

Creates new, unconnected socket. The socket should subsequently be passed to connectSocket method.

Specified by:

createSocket in interface ConnectionSocketFactory

Returns:

a new socket

Throws:

java.io.IOException - if an I/O error occurs while creating the socket

connectSocket

public java.net.Socket connectSocket(int connectTimeout,
                            java.net.Socket socket,
                            HttpHost host,
                            java.net.InetSocketAddress remoteAddress,
                            java.net.InetSocketAddress localAddress,
                            HttpContext context)
                              throws java.io.IOException

Deprecated.

Description copied from interface: ConnectionSocketFactory

Connects the socket to the target host with the given resolved remote address.

Specified by:

connectSocket in interface ConnectionSocketFactory

Parameters:

connectTimeout - connect timeout.

socket - the socket to connect, as obtained from ConnectionSocketFactory.createSocket(HttpContext). null indicates that a new socket should be created and connected.

host - target host as specified by the caller (end user).

remoteAddress - the resolved remote address to connect to.

localAddress - the local address to bind the socket to, or null for any.

context - the actual HTTP context.

Returns:

the connected socket. The returned object may be different from the sock argument if this factory supports a layered protocol.

Throws:

java.io.IOException - if an I/O error occurs

createLayeredSocket

public java.net.Socket createLayeredSocket(java.net.Socket socket,
                                  java.lang.String target,
                                  int port,
                                  HttpContext context)
                                    throws java.io.IOException

Deprecated.

Description copied from interface: LayeredConnectionSocketFactory

Returns a socket connected to the given host that is layered over an existing socket. Used primarily for creating secure sockets through proxies.

Specified by:

createLayeredSocket in interface LayeredConnectionSocketFactory

Parameters:

socket - the existing socket

target - the name of the target host.

port - the port to connect to on the target host.

context - the actual HTTP context.

Returns:

Socket a new socket

Throws:

java.io.IOException - if an I/O error occurs while creating the socket